Do not return password from Enterprise Service Methods

This commit is contained in:
alexY2004 2015-05-14 12:18:53 +03:00
parent e93d354058
commit db16c927cb
15 changed files with 129 additions and 61 deletions


@ -51,7 +51,7 @@ namespace WebsitePanel.EnterpriseServer
private bool isDemo;
private string comments;
private string username;
private string password;
// private string password;
private string firstName;
private string lastName;
private string email;
@ -78,6 +78,39 @@ namespace WebsitePanel.EnterpriseServer
{
}
public UserInfo(UserInfo src)
{
userId = src.userId;
ownerId = src.ownerId;
roleId = src.roleId;
statusId = src.statusId;
loginStatusId = src.loginStatusId;
failedLogins = src.failedLogins;
created = src.created;
changed = src.changed;
isPeer = src.isPeer;
isDemo = src.isDemo;
comments = src.comments;
username = src.username;
firstName = src.firstName;
lastName = src.lastName;
email = src.email;
secondaryEmail = src.secondaryEmail;
address = src.address;
city = src.city;
country = src.country;
state = src.state;
zip = src.zip;
primaryPhone = src.primaryPhone;
secondaryPhone = src.secondaryPhone;
fax = src.fax;
instantMessenger = src.instantMessenger;
htmlMail = src.htmlMail;
companyName = src.companyName;
ecommerceEnabled = src.ecommerceEnabled;
subscriberNumber = src.subscriberNumber;
}
/// <summary>
/// User role ID:
/// Administrator = 1,
@ -200,11 +233,11 @@ namespace WebsitePanel.EnterpriseServer
set { this.username = value; }
}
public string Password
{
get { return this.password; }
set { this.password = value; }
}
// public string Password
// {
// get { return this.password; }
// set { this.password = value; }
// }
public string FirstName
{
@ -347,7 +380,18 @@ namespace WebsitePanel.EnterpriseServer
{
public ushort VLanID { get; set; }
public string Comment { get; set; }
}
};
public class UserInfoInternal : UserInfo
{
private string password;
public string Password
{
get { return this.password; }
set { this.password = value; }
}
};
}
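Review bot: The copy constructor `UserInfo(UserInfo src)` is now the only thing keeping `Password` out of the objects handed back by the web methods, and it copies each field by hand, so any property added to UserInfo later is silently dropped from every copied object unless this list is updated as well. I would put a comment above it: `// Projection used to strip UserInfoInternal down to the public shape returned by the web service; every new UserInfo field must be added here or it is lost on the way out.` Because UserInfoInternal derives from UserInfo, an instance can still be passed anywhere a UserInfo is accepted; the XmlSerializer behind the ASMX layer would presumably refuse to serialize the derived runtime type rather than emit the password, but that is a runtime failure, so callers outside this diff that still return `UserController.GetUser(...)` directly from a web method are worth auditing. The commented-out `password` field and `Password` property should be deleted rather than left in the class.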


@ -840,20 +840,23 @@ namespace WebsitePanel.EnterpriseServer
/// <remarks/>
[System.Web.Services.Protocols.SoapDocumentMethodAttribute("http://smbsaas/websitepanel/enterpriseserver/AddUser", RequestNamespace = "http://smbsaas/websitepanel/enterpriseserver", ResponseNamespace = "http://smbsaas/websitepanel/enterpriseserver", Use = System.Web.Services.Description.SoapBindingUse.Literal, ParameterStyle = System.Web.Services.Protocols.SoapParameterStyle.Wrapped)]
public int AddUser(UserInfo user, bool sendLetter)
public int AddUser(UserInfo user, bool sendLetter, string password)
{
object[] results = this.Invoke("AddUser", new object[] {
user,
sendLetter});
sendLetter,
password
});
return ((int)(results[0]));
}
/// <remarks/>
public System.IAsyncResult BeginAddUser(UserInfo user, bool sendLetter, System.AsyncCallback callback, object asyncState)
public System.IAsyncResult BeginAddUser(UserInfo user, bool sendLetter, string password, System.AsyncCallback callback, object asyncState)
{
return this.BeginInvoke("AddUser", new object[] {
user,
sendLetter}, callback, asyncState);
sendLetter,
password}, callback, asyncState);
}
/// <remarks/>
@ -864,13 +867,13 @@ namespace WebsitePanel.EnterpriseServer
}
/// <remarks/>
public void AddUserAsync(UserInfo user, bool sendLetter)
public void AddUserAsync(UserInfo user, bool sendLetter, string password)
{
this.AddUserAsync(user, sendLetter, null);
this.AddUserAsync(user, sendLetter, password, null);
}
/// <remarks/>
public void AddUserAsync(UserInfo user, bool sendLetter, object userState)
public void AddUserAsync(UserInfo user, bool sendLetter, string password, object userState)
{
if ((this.AddUserOperationCompleted == null))
{
@ -878,7 +881,8 @@ namespace WebsitePanel.EnterpriseServer
}
this.InvokeAsync("AddUser", new object[] {
user,
sendLetter}, this.AddUserOperationCompleted, userState);
sendLetter,
password}, this.AddUserOperationCompleted, userState);
}
private void OnAddUserOperationCompleted(object arg)


@ -69,7 +69,7 @@ namespace WebsitePanel.EnterpriseServer
protected override string AuthenticateToken(UsernameToken token)
{
// try to load user account
UserInfo user = UserController.GetUserInternally(token.Username);
UserInfoInternal user = UserController.GetUserInternally(token.Username);
if (user == null)
return null;


@ -182,7 +182,7 @@ namespace WebsitePanel.Ecommerce.EnterpriseServer.ContractSystem
//
if (customerId > -1)
{
ES.UserInfo userInfo = (internally) ? ES.UserController.GetUserInternally(customerId) :
ES.UserInfoInternal userInfo = (internally) ? ES.UserController.GetUserInternally(customerId) :
ES.UserController.GetUser(customerId);
//
if (internally)


@ -520,12 +520,12 @@ namespace WebsitePanel.Ecommerce.EnterpriseServer
return settings;
}
private CommandParams PrepeareAccountParams(UserInfo userInfo)
private CommandParams PrepeareAccountParams(UserInfo userInfo, string password)
{
CommandParams args = new CommandParams();
args[CommandParams.USERNAME] = userInfo.Username;
args[CommandParams.PASSWORD] = userInfo.Password;
args[CommandParams.PASSWORD] = password;
args[CommandParams.FIRST_NAME] = userInfo.FirstName;
args[CommandParams.LAST_NAME] = userInfo.LastName;
args[CommandParams.EMAIL] = userInfo.Email;


@ -113,7 +113,7 @@ namespace WebsitePanel.Ecommerce.EnterpriseServer
// create user account
ES.UserInfo userInfo = new ES.UserInfo();
userInfo.Username = account[ContractAccount.USERNAME];
userInfo.Password = account[ContractAccount.PASSWORD];
// userInfo.Password = account[ContractAccount.PASSWORD];
userInfo.Email = account[ContractAccount.EMAIL];
userInfo.FirstName = account[ContractAccount.FIRST_NAME];
userInfo.LastName = account[ContractAccount.LAST_NAME];
@ -133,7 +133,7 @@ namespace WebsitePanel.Ecommerce.EnterpriseServer
userInfo.OwnerId = contract.ResellerId;
userInfo.Created = DateTime.Now;
// create account
int resultCode = ES.UserController.AddUser(userInfo, true);
int resultCode = ES.UserController.AddUser(userInfo, true, account[ContractAccount.PASSWORD]);
//
if (resultCode > 0)
{


@ -422,7 +422,7 @@ namespace WebsitePanel.EnterpriseServer
return result;
// load user info
UserInfo user = UserController.GetUser(userId);
UserInfoInternal user = UserController.GetUser(userId);
if (createFtpAccount)
{
@ -2086,7 +2086,7 @@ namespace WebsitePanel.EnterpriseServer
items["user"] = user;
// get reseller details
UserInfo reseller = UserController.GetUser(user.OwnerId);
UserInfoInternal reseller = UserController.GetUser(user.OwnerId);
if (reseller != null)
{
reseller.Password = "";
@ -2123,7 +2123,7 @@ namespace WebsitePanel.EnterpriseServer
items["user"] = user;
// get reseller details
UserInfo reseller = UserController.GetUser(user.OwnerId);
UserInfoInternal reseller = UserController.GetUser(user.OwnerId);
if (reseller != null)
{
reseller.Password = "";
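Review bot: Only the reseller's password is blanked here, while `items["user"] = user;` just above each reseller lookup still places the `user` object into the template items untouched; `user` is declared outside both hunks so I cannot see how it is loaded, but if it now comes from `UserController.GetUser` it is a `UserInfoInternal` carrying the password into the same template model. Clearing `Password` after the fact is also fragile, since the field is still present for anything that reflects over the object; the safer shape is to hand the template the public projection so the property does not exist at all, e.g. `UserInfoInternal resellerInternal = UserController.GetUser(user.OwnerId);` followed by `UserInfo reseller = (resellerInternal != null) ? new UserInfo(resellerInternal) : null;`, which makes the `reseller.Password = "";` line unnecessary. The same projection should be applied to `user` if it is loaded the same way. The enclosing methods begin and end outside these hunks.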


@ -112,10 +112,12 @@ namespace WebsitePanel.EnterpriseServer
UserInfo user = PackageController.GetPackageOwner(item.PackageId);
if (user != null)
{
UserInfoInternal userInternal = UserController.GetUserInternally(user.UserId);
site.StatisticsUrl = Utils.ReplaceStringVariable(site.StatisticsUrl, "username",
HttpUtility.UrlEncode(user.Username));
HttpUtility.UrlEncode(userInternal.Username));
site.StatisticsUrl = Utils.ReplaceStringVariable(site.StatisticsUrl, "password",
HttpUtility.UrlEncode(user.Password));
HttpUtility.UrlEncode(userInternal.Password));
}
}
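Review bot: `userInternal` is dereferenced on the `Username` and `Password` substitution lines without a null check, but `UserController.GetUserInternally` returns null when no row is found, so a package owner that resolves through `GetPackageOwner` but not through the internal lookup now throws a NullReferenceException where the old code, which only used the already null-checked `user`, did not. Wrap the two substitutions in `if (userInternal != null) { ... }`, or keep `user.Username` for the username and use the internal lookup only for the password. This is also the one place left in the diff where the reversible plaintext password is written into a URL (`StatisticsUrl`); the commit keeps that pre-existing behaviour, but a comment such as `// the stats provider URL embeds the plaintext password; treat StatisticsUrl as a secret and never log it` would stop the next reader from assuming it is safe to log. The enclosing method starts before the hunk.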


@ -58,7 +58,7 @@ namespace WebsitePanel.EnterpriseServer
try
{
// try to get user from database
UserInfo user = GetUserInternally(username);
UserInfoInternal user = GetUserInternally(username);
// check if the user exists
if (user == null)
@ -99,7 +99,7 @@ namespace WebsitePanel.EnterpriseServer
// compare user passwords
if (user.Password != password)
if (CryptoUtils.SHA1(user.Password) != password)
{
if (lockOut >= 0)
DataProvider.UpdateUserFailedLoginAttempt(user.UserId, lockOut, false);
@ -145,7 +145,7 @@ namespace WebsitePanel.EnterpriseServer
try
{
// try to get user from database
UserInfo user = GetUserInternally(username);
UserInfoInternal user = GetUserInternally(username);
// check if the user exists
if (user == null)
@ -155,8 +155,8 @@ namespace WebsitePanel.EnterpriseServer
}
// compare user passwords
if (user.Password == password)
return user;
if (CryptoUtils.SHA1(user.Password) == password)
return new UserInfo(user);
return null;
}
@ -239,7 +239,7 @@ namespace WebsitePanel.EnterpriseServer
items["Email"] = true;
// get reseller details
UserInfo reseller = UserController.GetUser(user.OwnerId);
UserInfoInternal reseller = UserController.GetUser(user.OwnerId);
if (reseller != null)
{
reseller.Password = "";
@ -264,10 +264,10 @@ namespace WebsitePanel.EnterpriseServer
}
}
internal static UserInfo GetUserInternally(int userId)
internal static UserInfoInternal GetUserInternally(int userId)
{
// try to get user from database
UserInfo user = ObjectUtils.FillObjectFromDataReader<UserInfo>(
UserInfoInternal user = ObjectUtils.FillObjectFromDataReader<UserInfoInternal>(
DataProvider.GetUserByIdInternally(userId));
if (user != null)
@ -275,10 +275,10 @@ namespace WebsitePanel.EnterpriseServer
return user;
}
internal static UserInfo GetUserInternally(string username)
internal static UserInfoInternal GetUserInternally(string username)
{
// try to get user from database
UserInfo user = ObjectUtils.FillObjectFromDataReader<UserInfo>(
UserInfoInternal user = ObjectUtils.FillObjectFromDataReader<UserInfoInternal>(
DataProvider.GetUserByUsernameInternally(username));
if (user != null)
@ -288,10 +288,10 @@ namespace WebsitePanel.EnterpriseServer
return user;
}
public static UserInfo GetUser(int userId)
public static UserInfoInternal GetUser(int userId)
{
// try to get user from database
UserInfo user = ObjectUtils.FillObjectFromDataReader<UserInfo>(
UserInfoInternal user = ObjectUtils.FillObjectFromDataReader<UserInfoInternal>(
DataProvider.GetUserById(SecurityContext.User.UserId, userId));
if (user != null)
@ -299,10 +299,10 @@ namespace WebsitePanel.EnterpriseServer
return user;
}
public static UserInfo GetUser(string username)
public static UserInfoInternal GetUser(string username)
{
// try to get user from database
UserInfo user = ObjectUtils.FillObjectFromDataReader<UserInfo>(
UserInfoInternal user = ObjectUtils.FillObjectFromDataReader<UserInfoInternal>(
DataProvider.GetUserByUsername(SecurityContext.User.UserId, username));
if (user != null)
@ -381,7 +381,7 @@ namespace WebsitePanel.EnterpriseServer
return DataProvider.GetUsers(SecurityContext.User.UserId, ownerId, recursive);
}
public static int AddUser(UserInfo user, bool sendLetter)
public static int AddUser(UserInfo user, bool sendLetter, string password)
{
// check account
int accountCheck = SecurityContext.CheckAccount(DemandAccount.NotDemo);
@ -424,7 +424,7 @@ namespace WebsitePanel.EnterpriseServer
user.IsPeer,
user.Comments,
user.Username.Trim(),
CryptoUtils.Encrypt(user.Password),
CryptoUtils.Encrypt(password),
user.FirstName,
user.LastName,
user.Email,
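Review bot: The new comparison `CryptoUtils.SHA1(user.Password) != password` (and its twin in GetUserByUsernamePassword) means the value the portal now sends is an unsalted, unkeyed SHA-1 of the password, which is password-equivalent for this endpoint: anyone who captures it can replay it to AuthenticateUser, and it can be brute-forced offline against a dictionary, so it does not reduce what must be protected on the wire or kept out of logs. It also commits the server to keeping a reversibly encrypted password (`CryptoUtils.Encrypt(password)` in AddUser) so that it can recompute the digest, which is the opposite of a one-way credential store. If the intent is only to keep the literal plaintext off the wire, that contract should be stated where it is checked: `// 'password' is Base64(SHA1(UTF8(plaintext))) as produced by PortalUtils.SHA1; it is replayable and must still travel over TLS.` Separately, `GetUser(int)` and `GetUser(string)` now return UserInfoInternal to every internal caller, which widens rather than narrows where the password travels; consider leaving those returning `UserInfo` and exposing the password-bearing variant only through GetUserInternally. These hunks cut through several methods whose bodies continue outside the diff.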


@ -119,11 +119,11 @@ namespace WebsitePanel.EnterpriseServer
user.Email = email;
user.SecondaryEmail = secondaryEmail;
user.Username = username;
user.Password = password;
// user.Password = password;
user.HtmlMail = htmlMail;
// add a new user
createdUserId = UserController.AddUser(user, false);
createdUserId = UserController.AddUser(user, false, password);
if (createdUserId < 0)
{
// exit


@ -57,13 +57,15 @@ namespace WebsitePanel.EnterpriseServer
[WebMethod]
public UserInfo GetUserById(int userId)
{
return UserController.GetUser(userId);
UserInfoInternal uinfo = UserController.GetUser(userId);
return (uinfo != null) ? new UserInfo(uinfo) : null;
}
[WebMethod]
public UserInfo GetUserByUsername(string username)
{
return UserController.GetUser(username);
UserInfoInternal uinfo = UserController.GetUser(username);
return (uinfo != null) ? new UserInfo(uinfo) : null;
}
[WebMethod]
@ -136,9 +138,9 @@ namespace WebsitePanel.EnterpriseServer
}
[WebMethod]
public int AddUser(UserInfo user, bool sendLetter)
public int AddUser(UserInfo user, bool sendLetter, string password)
{
return UserController.AddUser(user, sendLetter);
return UserController.AddUser(user, sendLetter, password);
}
[WebMethod]
@ -175,7 +177,7 @@ namespace WebsitePanel.EnterpriseServer
user.IsPeer = isPeer;
user.IsDemo = isDemo;
user.Username = username;
user.Password = password;
// user.Password = password;
user.FirstName = firstName;
user.LastName = lastName;
user.Email = email;
@ -192,7 +194,7 @@ namespace WebsitePanel.EnterpriseServer
user.HtmlMail = htmlMail;
user.CompanyName = companyName;
user.EcommerceEnabled = ecommerceEnabled;
return UserController.AddUser(user, sendLetter);
return UserController.AddUser(user, sendLetter, password);
}
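Review bot: The new `password` parameter on `AddUser(UserInfo user, bool sendLetter, string password)` is passed straight to `UserController.AddUser` with no validation, and from the controller hunk it ends up in `CryptoUtils.Encrypt(password)`, so a null or empty password from a SOAP caller is accepted at this layer (what Encrypt does with null is not visible here). The old path through `user.Password` had the same gap, but an explicit credential parameter on a web method is the natural place to reject an empty one before it is stored, e.g. `if (string.IsNullOrEmpty(password)) return <the project's BusinessErrorCodes value for an invalid password>;`, which callers already handle since they test for a negative result. The `new UserInfo(uinfo)` projections in GetUserById and GetUserByUsername are the right shape; any other [WebMethod] in this class that still returns `UserController.GetUser(...)` directly needs the same treatment now that UserInfoInternal is the runtime type.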
[WebMethod]


@ -43,6 +43,7 @@ using System.Web.Security;
using System.Web.UI.WebControls;
using System.Net;
using System.Net.Mail;
using System.Security.Cryptography;
using Microsoft.Web.Services3;
using WebsitePanel.EnterpriseServer;
@ -336,15 +337,30 @@ namespace WebsitePanel.Portal
return DefaultPage.GetLocalizedPageName(pageId);
}
public static string SHA1(string plainText)
{
// Convert plain text into a byte array.
byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
HashAlgorithm hash = new SHA1Managed(); ;
// Compute hash value of our plain text with appended salt.
byte[] hashBytes = hash.ComputeHash(plainTextBytes);
// Return the result.
return Convert.ToBase64String(hashBytes);
}
public static int AuthenticateUser(string username, string password, string ipAddress,
bool rememberLogin, string preferredLocale, string theme)
{
esAuthentication authService = new esAuthentication();
ConfigureEnterpriseServerProxy(authService, false);
string passwordSH = SHA1(password);
try
{
int authResult = authService.AuthenticateUser(username, password, ipAddress);
int authResult = authService.AuthenticateUser(username, passwordSH, ipAddress);
if (authResult < 0)
{
@ -352,13 +368,13 @@ namespace WebsitePanel.Portal
}
else
{
UserInfo user = authService.GetUserByUsernamePassword(username, password, ipAddress);
UserInfo user = authService.GetUserByUsernamePassword(username, passwordSH, ipAddress);
if (user != null)
{
if (IsRoleAllowedToLogin(user.Role))
{
// issue authentication ticket
FormsAuthenticationTicket ticket = CreateAuthTicket(user.Username, user.Password, user.Role, rememberLogin);
FormsAuthenticationTicket ticket = CreateAuthTicket(user.Username, password, user.Role, rememberLogin);
SetAuthTicket(ticket, rememberLogin);
CompleteUserLogin(username, rememberLogin, preferredLocale, theme);
@ -513,7 +529,7 @@ namespace WebsitePanel.Portal
}
}
public static int AddUserAccount(List<string> log, UserInfo user, bool sendLetter)
public static int AddUserAccount(List<string> log, UserInfo user, bool sendLetter, string password)
{
esUsers usersService = new esUsers();
ConfigureEnterpriseServerProxy(usersService, true);
@ -521,7 +537,7 @@ namespace WebsitePanel.Portal
try
{
// add user to WebsitePanel server
return usersService.AddUser(user, sendLetter);
return usersService.AddUser(user, sendLetter, password);
}
catch (Exception ex)
{
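Review bot: `SHA1(string)` allocates a `SHA1Managed`, which is IDisposable, and never disposes it, has a stray `;` after the constructor call, and its comment speaks of an "appended salt" although none is applied; since this digest is now what `AuthenticateUser` accepts in place of the password, the helper should state plainly that it is unsalted and password-equivalent. The `CreateAuthTicket(user.Username, password, user.Role, rememberLogin)` line now stores the password typed at login rather than the copy the server used to return; that is not a regression, but it presumably means the forms ticket's user-data is still a cleartext credential, which deserves a comment at the call site. Rewritten helper:
```csharp
/// <summary>
/// Base64(SHA1(UTF-8 plainText)). Unsalted and unkeyed: the result is password-equivalent
/// for esAuthentication.AuthenticateUser and must be treated as a secret, not a safe digest.
/// </summary>
public static string SHA1(string plainText)
{
    byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
    using (HashAlgorithm hash = new SHA1Managed())
    {
        return Convert.ToBase64String(hash.ComputeHash(plainTextBytes));
    }
}
// … unchanged: AuthenticateUser, AddUserAccount …
```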


@ -210,10 +210,10 @@ namespace WebsitePanel.Portal
return dsUsers;
}
public static int AddUser(List<string> log, int portalId, UserInfo user, bool sendLetter)
public static int AddUser(List<string> log, int portalId, UserInfo user, bool sendLetter, string password)
{
// add user to WebsitePanel server
return ES.Services.Users.AddUser(user, sendLetter);
return ES.Services.Users.AddUser(user, sendLetter, password);
}
public static void AddUserVLan(int userId, UserVlan vLan)


@ -195,7 +195,7 @@ namespace WebsitePanel.Portal
user.SecondaryEmail = txtSecondaryEmail.Text;
user.HtmlMail = ddlMailFormat.SelectedIndex == 1;
user.Username = txtUsername.Text;
user.Password = userPassword.Password;
// user.Password = userPassword.Password;
user.IsDemo = chkDemo.Checked;
user.LoginStatusId = loginStatus.SelectedIndex;
@ -220,7 +220,7 @@ namespace WebsitePanel.Portal
try
{
//int userId = UsersHelper.AddUser(log, PortalId, user);
int userId = PortalUtils.AddUserAccount(log, user, false);
int userId = PortalUtils.AddUserAccount(log, user, false, userPassword.Password);
if (userId < 0)
{


@ -103,7 +103,7 @@ namespace WebsitePanel.Portal
user.SecondaryEmail = txtSecondaryEmail.Text;
user.HtmlMail = ddlMailFormat.SelectedIndex == 1;
user.Username = txtUsername.Text.Trim();
user.Password = userPassword.Password;
// user.Password = userPassword.Password;
// contact info
user.CompanyName = contact.CompanyName;
@ -123,7 +123,7 @@ namespace WebsitePanel.Portal
try
{
//int userId = UsersHelper.AddUser(log, PortalId, user);
int userId = PortalUtils.AddUserAccount(log, user, chkAccountLetter.Checked);
int userId = PortalUtils.AddUserAccount(log, user, chkAccountLetter.Checked, userPassword.Password);
if (userId == BusinessErrorCodes.ERROR_INVALID_USER_NAME)
{